
Bug#729029: marked as done (openssh: CVE-2013-4548: Memory corruption in AES-GCM support)



Your message dated Sat, 09 Nov 2013 21:24:51 +0000
with message-id <E1VfG1T-0003a0-RF@franck.debian.org>
and subject line Bug#729029: fixed in openssh 1:6.4p1-1
has caused the Debian Bug report #729029,
regarding openssh: CVE-2013-4548: Memory corruption in AES-GCM support
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
729029: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729029
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh
Severity: grave
Tags: security
Justification: user security hole

Please see http://www.openssh.com/txt/gcmrekey.adv

No CVE ID has been assigned yet.

AES-GCM support was introduced in 6.2, so oldstable and stable should
be fine (from http://www.openssh.com/txt/release-6.2):

| * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption in
|   SSH protocol 2. The new cipher is available as aes128-gcm@openssh.com
|   and aes256-gcm@openssh.com. It uses an identical packet format to the
|   AES-GCM mode specified in RFC 5647, but uses simpler and different
|   selection rules during key exchange.

Cheers,
        Moritz

--- End Message ---
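The report above pins the affected window by upstream version: the AES-GCM ciphers arrived in OpenSSH 6.2, and the fix shipped in 6.4/6.4p1 (Debian 1:6.4p1-1). The following shell snippet is an added example, not code from the bug report or the openssh package: it turns those two facts into a check on a Debian-style version string. It strips the epoch and Debian revision, ignores the portable "pN" suffix (which does not change the upstream code), and classifies the result. The sample version strings are constructed for illustration. Caveat: it classifies by upstream version only, so a fix backported under an older upstream number in a "+deb" revision would not be recognised; for this CVE that is harmless, because the report says the pre-6.2 stable and oldstable packages never had the AES-GCM code.

```shell
#!/bin/sh
# Added example (not from the Debian bug report or the openssh package):
# classify a Debian openssh package version against CVE-2013-4548 using the
# version facts stated in the report: AES-GCM support (and with it the
# rekeying bug) appeared in OpenSSH 6.2; the fix shipped in 6.4/6.4p1.
# Assumes Debian-style version strings such as "1:6.0p1-4+deb7u2".

# upstream_version VERSION -> prints the upstream part with the epoch and
# the Debian revision removed, e.g. "1:6.4p1-1" -> "6.4p1".
upstream_version() {
    v=${1#*:}        # drop epoch "1:" (no-op if there is none)
    v=${v%-*}        # drop Debian revision after the last "-"
    printf '%s\n' "$v"
}

# openssh_major_minor VERSION -> prints "MAJOR MINOR", e.g. "6 2" for
# "1:6.2p2-6". The portable suffix ("p2") is ignored on purpose.
openssh_major_minor() {
    u=$(upstream_version "$1")
    major=${u%%.*}
    rest=${u#*.}
    minor=${rest%%[!0-9]*}   # keep the leading digits only
    printf '%s %s\n' "$major" "$minor"
}

# cve_2013_4548_status VERSION -> prints one of:
#   not-affected : upstream < 6.2 (no AES-GCM code present)
#   affected     : 6.2 <= upstream < 6.4 (AES-GCM present, fix absent)
#   fixed        : upstream >= 6.4
cve_2013_4548_status() {
    set -- $(openssh_major_minor "$1")
    code=$(( $1 * 100 + $2 ))   # 6.2 -> 602, 6.4 -> 604, 7.4 -> 704
    if [ "$code" -lt 602 ]; then
        echo not-affected
    elif [ "$code" -lt 604 ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample versions (not read from any real system).
for ver in 1:5.9p1-5 1:6.0p1-4+deb7u2 1:6.2p2-6 1:6.3p1-1 1:6.4p1-1 1:7.4p1-10; do
    printf '%-20s %s\n' "$ver" "$(cve_2013_4548_status "$ver")"
done
```

On a live Debian host the installed version comes from `dpkg-query -W -f='${Version}' openssh-server`, which can be passed straight to `cve_2013_4548_status`.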
--- Begin Message ---
Source: openssh
Source-Version: 1:6.4p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 729029@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 09 Nov 2013 18:24:16 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.4p1-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 158590 436052 651357 729029
Changes: 
 openssh (1:6.4p1-1) unstable; urgency=high
 .
   * New upstream release.  Important changes:
     - 6.3/6.3p1 (http://www.openssh.com/txt/release-6.3):
       + sftp(1): add support for resuming partial downloads using the
         "reget" command and on the sftp commandline or on the "get"
         commandline using the "-a" (append) option (closes: #158590).
       + ssh(1): add an "IgnoreUnknown" configuration option to selectively
         suppress errors arising from unknown configuration directives
         (closes: #436052).
       + sftp(1): update progressmeter when data is acknowledged, not when
         it's sent (partially addresses #708372).
       + ssh(1): do not fatally exit when attempting to cleanup multiplexing-
         created channels that are incompletely opened (closes: #651357).
     - 6.4/6.4p1 (http://www.openssh.com/txt/release-6.4):
       + CVE-2013-4548: sshd(8): fix a memory corruption problem triggered
         during rekeying when an AES-GCM cipher is selected (closes:
         #729029).  Full details of the vulnerability are available at:
         http://www.openssh.com/txt/gcmrekey.adv
   * When running under Upstart, only consider the daemon started once it is
     ready to accept connections (by raising SIGSTOP at that point and using
     "expect stop").
Checksums-Sha1: 
 d3d59b8f7f36dc1d53307ddfced196d04657f620 2586 openssh_6.4p1-1.dsc
 cf5fe0eb118d7e4f9296fbc5d6884965885fc55d 1201402 openssh_6.4p1.orig.tar.gz
 99d8fe7771b5135e6da98fcd2a081bd34036edae 171847 openssh_6.4p1-1.debian.tar.gz
 7e97ebf8d108d51521bc0b6ed2a6ab319865183b 599808 openssh-client_6.4p1-1_i386.deb
 1f90c0c75d29a0aeed75d731b45d31d3ae756da0 261508 openssh-server_6.4p1-1_i386.deb
 f6ec921377b9a788c0153ab0f0d4226c2711a235 1060 ssh_6.4p1-1_all.deb
 eaed6150c0f0dbd90e8771163cbcc4fede986b7d 113730 ssh-krb5_6.4p1-1_all.deb
 1ea2ed34e049677d9385a6a72c74fb11328dbdc4 121450 ssh-askpass-gnome_6.4p1-1_i386.deb
 0797ea0ccff3611726edca0e13d6df8543d6b61e 185162 openssh-client-udeb_6.4p1-1_i386.udeb
 7f12f2d5b2ed96c1d78d1e441fe63da5d5b44568 212216 openssh-server-udeb_6.4p1-1_i386.udeb
Checksums-Sha256: 
 3f7b4085228cd4db9990011c9902e872737a644013f0f981299e9797bce1a600 2586 openssh_6.4p1-1.dsc
 5530f616513b14aea3662c4c373bafd6a97a269938674c006377e381f68975d2 1201402 openssh_6.4p1.orig.tar.gz
 a1a70cef430e9723b49f2afbc08f01df4b17ee72348d6c6c5dbe67e004f9a109 171847 openssh_6.4p1-1.debian.tar.gz
 3c4c382b68bff757daba80ab4328e3ddfab1d1097303e7c0d2fb832f2784effe 599808 openssh-client_6.4p1-1_i386.deb
 4e0e053d91edec9c78165d1faf2fb9fc27baf33a06141bee5eddb3be6073bd15 261508 openssh-server_6.4p1-1_i386.deb
 9fad63aa5df44b86cfdb69ff27794718eaf3e804a9d005e46ca5b3a3a97fdc4e 1060 ssh_6.4p1-1_all.deb
 26b08bc547b8467462448efd5a2f835c8dbe5599f800ca57fdd29eedd84e83fe 113730 ssh-krb5_6.4p1-1_all.deb
 916ad5c7fc011adf1f2409998fd4df906c29a48e4af9a562d7c6dda59d8e77a8 121450 ssh-askpass-gnome_6.4p1-1_i386.deb
 6c5cd1265bdaeed6a11504fc2e8c66e9c32c62b6fae9b4f88384b93c0c47daa3 185162 openssh-client-udeb_6.4p1-1_i386.udeb
 f292febd717cecaa0f6c25562bf1dbe714f4481b55f49df39f6253c6e6f148d0 212216 openssh-server-udeb_6.4p1-1_i386.udeb
Files: 
 707f9097f554faf738a41594dc9dcec3 2586 net standard openssh_6.4p1-1.dsc
 a62b88b884df0b09b8a8c5789ac9e51b 1201402 net standard openssh_6.4p1.orig.tar.gz
 9a9e5dcb06b079c035caead19a3a043a 171847 net standard openssh_6.4p1-1.debian.tar.gz
 58708693dfa5b77dc6b6121591877854 599808 net standard openssh-client_6.4p1-1_i386.deb
 55d558b527e3b2aaa53c250903f5bfe4 261508 net optional openssh-server_6.4p1-1_i386.deb
 00268a9c416eefe9f9d23ef8fe65bbc2 1060 net extra ssh_6.4p1-1_all.deb
 1e33bed0871d4dc8f9d950549bf27e7a 113730 oldlibs extra ssh-krb5_6.4p1-1_all.deb
 4c7183639e9450f16a54daff2460a7ec 121450 gnome optional ssh-askpass-gnome_6.4p1-1_i386.deb
 13aa54a73a0da6ab353173172a08a456 185162 debian-installer optional openssh-client-udeb_6.4p1-1_i386.udeb
 a5556a27a17d3c6a99d0b9935db0a9ae 212216 debian-installer optional openssh-server-udeb_6.4p1-1_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
-----END PGP SIGNATURE-----

--- End Message ---
